Large DEFAULT registry hive, user logon issues

The problem: This one took a fair bit of figuring out at the time, as the symptoms were varied and hard to trace back to the eventual cause. This occurred on an RD farm running Windows Server 2008 R2.

  • Some users may fail to load their profiles on logon, with the error below:

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - Insufficient system resources exist to complete the requested service.

  • The DEFAULT registry hive is growing very large in size (over 1GB)

The registry files can be found under the following folder – C:\Windows\System32\config

  • You may have Samsung printers installed with an older driver version

In my case, the issue eventually turned out to be a couple of Samsung printers the client had installed. Every time a user logged on, it would create registry values under the following location in the default registry hive:

HKEY_USERS\.DEFAULT\Printers\DevModes2

As these were not cleared on logout, they just kept building up over time, to the point that the DEFAULT hive was just too large for Windows to handle. A certain number of users were able to log on successfully, but once that number was reached, further users would not be able to load their profiles.

You can confirm this is the issue by using the dureg utility to check the size of the ‘DevModes2’ key, or alternatively just expand the key in regedit. If it causes regedit to freeze temporarily when you click on the key, chances are it’s the culprit.
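A scripted version of that check, as an added example that is not part of the original post: it reports the on-disk size of the DEFAULT hive and totals the values under DevModes2 without opening regedit. The function name Get-RegistryKeyUsage is made up for this example; the paths are the ones given above, and the syntax is kept compatible with the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example (not from the original post). Run elevated on the RDS host.
# Sums value counts and value data sizes under a registry key, recursively.
function Get-RegistryKeyUsage {
    param([Parameter(Mandatory = $true)][Microsoft.Win32.RegistryKey]$Key)

    $count = 0
    $bytes = [long]0
    foreach ($name in $Key.GetValueNames()) {
        $count++
        $data = $Key.GetValue($name)
        if     ($data -is [byte[]])   { $bytes += $data.Length }
        elseif ($data -is [string[]]) { foreach ($s in $data) { $bytes += 2 * ($s.Length + 1) } }
        elseif ($data -is [string])   { $bytes += 2 * ($data.Length + 1) }   # UTF-16 plus terminator
        elseif ($data -is [long])     { $bytes += 8 }                        # REG_QWORD
        elseif ($data -is [int])      { $bytes += 4 }                        # REG_DWORD
    }
    foreach ($subName in $Key.GetSubKeyNames()) {
        $sub = $Key.OpenSubKey($subName)
        if ($sub -ne $null) {
            $child = Get-RegistryKeyUsage -Key $sub
            $count += $child.Values
            $bytes += $child.DataBytes
            $sub.Close()
        }
    }
    New-Object PSObject -Property @{ Values = $count; DataBytes = $bytes }
}

# Paths named in the article.
$hivePath = Join-Path $env:SystemRoot 'System32\config\DEFAULT'
$keyPath  = '.DEFAULT\Printers\DevModes2'

# File metadata can be read even though the hive is loaded and locked.
$hiveFile = Get-Item -LiteralPath $hivePath -Force
'{0}: {1:N1} MB on disk' -f $hivePath, ($hiveFile.Length / 1MB)

$key = [Microsoft.Win32.Registry]::Users.OpenSubKey($keyPath)
if ($key -eq $null) {
    "HKEY_USERS\$keyPath not found"
} else {
    $usage = Get-RegistryKeyUsage -Key $key
    $key.Close()
    'HKEY_USERS\{0}: {1} values, {2:N1} MB of value data' -f $keyPath, $usage.Values, ($usage.DataBytes / 1MB)
}
```

The total covers value data only, not hive bookkeeping or space left behind by deleted entries, so the file on disk will be larger than the figure reported for the key.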

The solution: There are a few steps to follow to fully resolve this issue.

  1. Apply this hotfix to each of your RDS servers and reboot

This may stop your DEFAULT hive from expanding, it may not. In my case it didn’t, but it describes the issue exactly so it’s worth a try.

  2. If you have Samsung printers installed, update to the latest drivers

For me, this is what stopped the DEFAULT hive from expanding further, after the hotfix failed to stop it.

  3. Compress your DEFAULT registry hive

The Windows registry is a database and like all databases, when you remove records you don’t necessarily reclaim disk space. The database needs to be compressed in order to reduce the size of the file.

Originally I used the guide posted on this forum link to shrink the registry, however I would not recommend it. I ended up losing a few keys from the DEFAULT hive which Windows tries to reference on logon. This caused the logon process to take up to 5 minutes per user. The Windows Firewall service also did not start automatically after the reboot, causing me to lose remote access to the server.

Your best bet, as always, is to use the Microsoft guide. This involves booting from a WinPE disk, opening the DEFAULT hive in regedit and exporting it to a new file (change ‘Save as type’ to Registry Hive Files). You then rename the files so that your new, exported file is named ‘DEFAULT’. Windows will load this on next boot and hopefully be happy after that. If you do not have console access to the machine you can try with the 3rd party method, but tread carefully; take backups and test thoroughly before removing any snapshots.

As always, this advice is provided as is, with no warranties or guarantees of any kind. Take backups of everything and please don’t break your registry.

Ryan
